GDPR: How to obtain consent and more

GDPR: How to obtain consent and more

GDPR is intended to strengthen and unify data protection for all individuals within the European Union. It is the most important change in the data privacy regulation in 20 years.

With the General Data Protection Regulation (GDPR) coming into force on 25th May 2018 across the European Union, it is more important than ever to look at how technology can you achieve GDPR compliance.

It is important to understand how your organisation is preparing for GDPR and that you have everything in place ahead of May. Penalties for non-compliance could cost an organisation upwards of £20 million or 4% of total annual worldwide revenue, whichever is higher.

Many businesses have been and still are preparing for the GDPR. Around 38% of respondents acknowledge that they are not ready for the GDPR and are still preparing themselves.

Here, in the form of questions and answers, we cover what GDPR is, why it matters and how you can ensure you comply.

What constitutes personal data?

Personal data is any information related to a natural person or “data subject” that can be used to directly or indirectly identify them. It can be anything from a name, a photograph, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

What geographic areas does it cover?

GDPR applies to all companies processing the personal data of people residing in the EU.

Will regulations be different depending on company size?

The regulations apply to all organisations that hold personally identifiable information (PII), no matter how small or large.

How do I obtain consent?

The request for consent must be given in an intelligible and easily accessible form using clear and plain language. The purpose of data processing must be made clear.

Consent must be freely given, specific, informed and unambiguous. It must be clear and distinguishable from other matters and not, for example, bundled with the acceptance of other terms and conditions. It must be as easy to withdraw consent as it is to give it.

The regulations state that explicit consent is required only for processing sensitive personal data – in this context, nothing short of “opt in” will suffice. It adds that, for non-sensitive data, “unambiguous” consent will suffice.

Join our GDPR Educational Seminar

There is a vast amount of material freely available about GDPR but it can be a case of information overload and knowing what the rules are and knowing what to do about them are two very different things. To help you as you take your first steps towards GDPR compliance, Taylor Made are hosting a GDPR Educational Seminar.

Taylor Made is working with La Vern Martin, Head of KPMG’s Technology team for the South Coast, who will discuss the following:

The impacts of data sharing and personal privacy

The principles of the GDPR

The key areas of change versus current legislation

Where to focus going forward

Should you wish to join our GDPR Educational Seminar please book your place today to receive all the information you will need ahead of 2018.

Careers

If you believe you can help us to support our client base we would love to hear from you. If you do not see anything that you think would suit you, we are always looking for talented individuals and welcome speculative enquiries, so please contact us and send in your CV using the form on our careers page.

Taylor Made’s policy is that all applicants must have the right to work in the UK.